<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ActionDispatch::Session::CookieStore</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" href="../../../css/reset.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../../css/main.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../../css/github.css" type="text/css" media="screen" />
<script src="../../../js/jquery-1.3.2.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/jquery-effect.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/main.js" type="text/javascript" charset="utf-8"></script>
<script src="../../../js/highlight.pack.js" type="text/javascript" charset="utf-8"></script>

</head>

<body>     
    <div class="banner">
        
            <span>Ruby on Rails v4.0.0</span><br />
        
        <h1>
            <span class="type">Class</span> 
            ActionDispatch::Session::CookieStore 
            
                <span class="parent">&lt; 
                    
                    Rack::Session::Abstract::ID
                    
                </span>
            
        </h1>
        <ul class="files">
            
            <li><a href="../../../files/actionpack/lib/action_dispatch/middleware/session/cookie_store_rb.html">actionpack/lib/action_dispatch/middleware/session/cookie_store.rb</a></li>
            
        </ul>
    </div>
    <div id="bodyContent">
        <div id="content">
  
    <div class="description">
      
<p>This cookie-based session store is the <a href="../../Rails.html">Rails</a>
default. It is dramatically faster than the alternatives.</p>

<p>Sessions typically contain at most a user_id and flash message; both fit
within the 4K cookie size limit. A CookieOverflow exception is raised if
you attempt to store more than 4K of data.</p>

<p>The cookie jar used for storage is automatically configured to be the best
possible option given your application’s configuration.</p>

<p>If you only have secret_token set, your cookies will be signed, but not
encrypted. This means a user cannot alter his <code>user_id</code> without
knowing your app’s secret key, but can easily read his
<code>user_id</code>. This was the default for <a
href="../../Rails.html">Rails</a> 3 apps.</p>

<p>If you have secret_key_base set, your cookies will be encrypted. This goes
a step further than signed cookies in that encrypted cookies cannot be
altered or read by users. This is the default starting in <a
href="../../Rails.html">Rails</a> 4.</p>

<p>If you have both secret_token and secret_key base set, your cookies will be
encrypted, and signed cookies generated by <a
href="../../Rails.html">Rails</a> 3 will be transparently read and
encrypted to provide a smooth upgrade path.</p>

<p>Configure your session store in config/initializers/session_store.rb:</p>

<pre>Myapp::Application.config.session_store :cookie_store, key: '_your_app_session'</pre>

<p>Configure your secret key in config/initializers/secret_token.rb:</p>

<pre>Myapp::Application.config.secret_key_base 'secret key'</pre>

<p>To generate a secret key for an existing application, run `rake secret`.</p>

<p>If you are upgrading an existing <a href="../../Rails.html">Rails</a> 3
app, you should leave your existing secret_token in place and simply add
the new secret_key_base. Note that you should wait to set secret_key_base
until you have 100% of your userbase on <a
href="../../Rails.html">Rails</a> 4 and are reasonably sure you will not
need to rollback to <a href="../../Rails.html">Rails</a> 3. This is because
cookies signed based on the new secret_key_base in <a
href="../../Rails.html">Rails</a> 4 are not backwards compatible with <a
href="../../Rails.html">Rails</a> 3. You are free to leave your existing
secret_token in place, not set the new secret_key_base, and ignore the
deprecation warnings until you are reasonably sure that your upgrade is
otherwise complete. Additionally, you should take care to make sure you are
not relying on the ability to decode signed cookies generated by your app
in external applications or Javascript before upgrading.</p>

<p>Note that changing digest or secret invalidates all existing sessions!</p>

    </div>
  


  


  
  


  


  
    <!-- Method ref -->
    <div class="sectiontitle">Methods</div>
    <dl class="methods">
      
        <dt>D</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="CookieStore.html#method-i-destroy_session">destroy_session</a>
              </li>
            
          </ul>
        </dd>
      
        <dt>L</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="CookieStore.html#method-i-load_session">load_session</a>
              </li>
            
          </ul>
        </dd>
      
        <dt>N</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="CookieStore.html#method-c-new">new</a>
              </li>
            
          </ul>
        </dd>
      
    </dl>
  

  
    <!-- Includes -->
    <div class="sectiontitle">Included Modules</div>
    <ul>
      
        <li>
          
            <a href="Compatibility.html">
              ActionDispatch::Session::Compatibility
            </a>
          
        </li>
      
        <li>
          
            <a href="StaleSessionCheck.html">
              ActionDispatch::Session::StaleSessionCheck
            </a>
          
        </li>
      
    </ul>
  



  

    

    

    


    


    <!-- Methods -->
    
      <div class="sectiontitle">Class Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-c-new">
            
              <b>new</b>(app, options={})
            
            <a href="CookieStore.html#method-c-new" name="method-c-new" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-c-new_source')" id="l_method-c-new_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/ca58bf1543f515e560bdcdb0b7dc4c957e893f72/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb#L59" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-c-new_source" class="dyn-source">
                <pre><span class="ruby-comment"># File actionpack/lib/action_dispatch/middleware/session/cookie_store.rb, line 59</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">initialize</span>(<span class="ruby-identifier">app</span>, <span class="ruby-identifier">options</span>={})
  <span class="ruby-keyword">super</span>(<span class="ruby-identifier">app</span>, <span class="ruby-identifier">options</span>.<span class="ruby-identifier">merge!</span>(<span class="ruby-value">:cookie_only</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>))
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                  
      <div class="sectiontitle">Instance Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-i-destroy_session">
            
              <b>destroy_session</b>(env, session_id, options)
            
            <a href="CookieStore.html#method-i-destroy_session" name="method-i-destroy_session" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-destroy_session_source')" id="l_method-i-destroy_session_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/ca58bf1543f515e560bdcdb0b7dc4c957e893f72/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb#L63" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-destroy_session_source" class="dyn-source">
                <pre><span class="ruby-comment"># File actionpack/lib/action_dispatch/middleware/session/cookie_store.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">destroy_session</span>(<span class="ruby-identifier">env</span>, <span class="ruby-identifier">session_id</span>, <span class="ruby-identifier">options</span>)
  <span class="ruby-identifier">new_sid</span> = <span class="ruby-identifier">generate_sid</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:drop</span>]
  <span class="ruby-comment"># Reset hash and Assign the new session id</span>
  <span class="ruby-identifier">env</span>[<span class="ruby-string">&quot;action_dispatch.request.unsigned_session_cookie&quot;</span>] = <span class="ruby-identifier">new_sid</span> <span class="ruby-operator">?</span> { <span class="ruby-string">&quot;session_id&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">new_sid</span> } <span class="ruby-operator">:</span> {}
  <span class="ruby-identifier">new_sid</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
        
        <div class="method">
          <div class="title method-title" id="method-i-load_session">
            
              <b>load_session</b>(env)
            
            <a href="CookieStore.html#method-i-load_session" name="method-i-load_session" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-i-load_session_source')" id="l_method-i-load_session_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/ca58bf1543f515e560bdcdb0b7dc4c957e893f72/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb#L70" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-i-load_session_source" class="dyn-source">
                <pre><span class="ruby-comment"># File actionpack/lib/action_dispatch/middleware/session/cookie_store.rb, line 70</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">load_session</span>(<span class="ruby-identifier">env</span>)
  <span class="ruby-identifier">stale_session_check!</span> <span class="ruby-keyword">do</span>
    <span class="ruby-identifier">data</span> = <span class="ruby-identifier">unpacked_cookie_data</span>(<span class="ruby-identifier">env</span>)
    <span class="ruby-identifier">data</span> = <span class="ruby-identifier">persistent_session_id!</span>(<span class="ruby-identifier">data</span>)
    [<span class="ruby-identifier">data</span>[<span class="ruby-string">&quot;session_id&quot;</span>], <span class="ruby-identifier">data</span>]
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                    </div>

    </div>
  </body>
</html>    